1 files changed, 33 insertions, 10 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 3db3d29e69..25089ef0f6 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -456,16 +456,19 @@ AutenticatedVariableServiceInitialize (
 **/
 UINT32
 AddPubKeyInStore (
-  IN  UINT8               *PubKey
+  IN  UINT8                        *PubKey,
+  IN  VARIABLE_ENTRY_CONSISTENCY   *VariableDataEntry
   )
 {
-  EFI_STATUS              Status;
-  BOOLEAN                 IsFound;
-  UINT32                  Index;
-  VARIABLE_POINTER_TRACK  Variable;
-  UINT8                   *Ptr;
-  UINT8                   *Data;
-  UINTN                   DataSize;
+  EFI_STATUS                       Status;
+  BOOLEAN                          IsFound;
+  UINT32                           Index;
+  VARIABLE_POINTER_TRACK           Variable;
+  UINT8                            *Ptr;
+  UINT8                            *Data;
+  UINTN                            DataSize;
+  VARIABLE_ENTRY_CONSISTENCY       PublicKeyEntry;
+  UINT32                           Attributes;
 
   if (PubKey == NULL) {
     return 0;
@@ -546,6 +549,21 @@ AddPubKeyInStore (
       }     
     }
 
+    //
+    // Check the variable space for both public key and variable data.
+    //
+    PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * EFI_CERT_TYPE_RSA2048_SIZE;
+    PublicKeyEntry.Guid         = &gEfiAuthenticatedVariableGuid;
+    PublicKeyEntry.Name         = AUTHVAR_KEYDB_NAME;
+    Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
+
+    if (!CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {
+      //
+      // No enough variable space.
+      //
+      return 0;
+    }
+
     CopyMem (mPubKeyStore + mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
     Index = ++mPubKeyNumber;
     //
@@ -556,7 +574,7 @@ AddPubKeyInStore (
                &gEfiAuthenticatedVariableGuid,
                mPubKeyStore,
                mPubKeyNumber * EFI_CERT_TYPE_RSA2048_SIZE,
-               EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS,
+               Attributes,
                0,
                0,
                &Variable,
@@ -1271,6 +1289,7 @@ ProcessVariable (
   EFI_CERT_BLOCK_RSA_2048_SHA256  *CertBlock;
   UINT32                          KeyIndex;
   UINT64                          MonotonicCount;
+  VARIABLE_ENTRY_CONSISTENCY      VariableDataEntry;
 
   KeyIndex    = 0;
   CertData    = NULL;
@@ -1396,10 +1415,14 @@ ProcessVariable (
   // Now, the signature has been verified!
   //
   if (IsFirstTime && !IsDeletion) {
+    VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;
+    VariableDataEntry.Guid         = VendorGuid;
+    VariableDataEntry.Name         = VariableName;
+
     //
     // Update public key database variable if need.
     //
-    KeyIndex = AddPubKeyInStore (PubKey);
+    KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);
     if (KeyIndex == 0) {
       return EFI_OUT_OF_RESOURCES;
     }